AUDIT REPORT

Audit of NRC’s Force-on-Force Inspection Program

OIG-09-A-12 July 30, 2009

All publicly available OIG reports (including this report) are accessible through NRC’s Web site at:
http://www.nrc.gov/reading-rm/doc-collections/insp-gen/

UNITED STATES
NUCLEAR REGULATORY COMMISSION
WASHINGTON, D.C. 20555-0001

OFFICE OF THE
INSPECTOR GENERAL

July 30, 2009

MEMORANDUM TO: R. William Borchardt
               Executive Director for Operations

FROM: Stephen D. Dingbaum /RA/
      Assistant Inspector General for Audits

SUBJECT: AUDIT OF NRC’S FORCE-ON-FORCE INSPECTION PROGRAM (OIG-09-A-12)

Attached is the Office of the Inspector General’s (OIG) audit report titled, Audit of NRC’s Force-on-Force Inspection Program.

The report presents the results of the subject audit. Agency comments provided during and subsequent to a July 21, 2009, exit conference have been incorporated, as appropriate, into this report.

Please provide information on actions taken or planned on each of the recommendations within 30 days of the date of this memorandum. Actions taken or planned are subject to OIG followup as stated in Management Directive 6.1.

We appreciate the cooperation extended to us by members of your staff during the audit. If you have any questions or comments about our report, please contact me at 415-5915 or Beth Serepca, Team Leader, at 415-5911.

Attachment: As stated

Electronic Distribution

Edward M. Hackett, Executive Director, Advisory Committee on Reactor Safeguards
E. Roy Hawkens, Chief Administrative Judge, Atomic Safety and Licensing Board Panel
Stephen G. Burns, General Counsel
Brooke D. Poole, Jr., Director, Office of Commission Appellate Adjudication
Jim E. Dyer, Chief Financial Officer
Margaret M. Doane, Director, Office of International Programs
Rebecca L. Schmidt, Director, Office of Congressional Affairs
Eliot B. Brenner, Director, Office of Public Affairs
Annette Vietti-Cook, Secretary of the Commission
R. William Borchardt, Executive Director for Operations
Bruce S. Mallett, Deputy Executive Director for Reactor and Preparedness Programs, OEDO
Martin J. Virgilio, Deputy Executive Director for Materials, Waste, Research, State, Tribal, and Compliance Programs, OEDO
Darren B. Ash, Deputy Executive Director for Corporate Management and Chief Information Officer, OEDO
Vonna L. Ordaz, Assistant for Operations, OEDO
Kathryn O. Greene, Director, Office of Administration
Cynthia A. Carpenter, Director, Office of Enforcement
Charles L. Miller, Director, Office of Federal and State Materials and Environmental Management Programs
Guy P. Caputo, Director, Office of Investigations
Thomas M. Boyce, Director, Office of Information Services
James F. McDermott, Director, Office of Human Resources
Michael R. Johnson, Director, Office of New Reactors
Michael F. Weber, Director, Office of Nuclear Material Safety and Safeguards
Eric J. Leeds, Director, Office of Nuclear Reactor Regulation
Brian W. Sheron, Director, Office of Nuclear Regulatory Research
Corenthis B. Kelley, Director, Office of Small Business and Civil Rights
Roy P. Zimmerman, Director, Office of Nuclear Security and Incident Response
Samuel J. Collins, Regional Administrator, Region I
Luis A. Reyes, Regional Administrator, Region II
Mark A. Satorius, Region III
Elmo E. Collins, Jr., Regional Administrator, Region IV

EXECUTIVE SUMMARY

BACKGROUND

The Nuclear Regulatory Commission (NRC) conducts Force-on-Force inspections at each of the Nation’s nuclear power plants on at least a triennial basis in accordance with the 2005 Energy Policy Act.[1] A Force-on-Force inspection is a performance-based inspection designed to assess the ability of licensees’ security organizations to protect their facilities against sabotage.[2] Any potentially significant deficiencies identified during these inspections are to be promptly corrected by the licensee.

The Office of Nuclear Security and Incident Response (NSIR) manages the Force-on-Force inspection program. Force-on-Force inspections are part of NRC’s baseline physical protection inspection program, and are the only baseline inspections managed at the headquarters level.[3] Teams of headquarters-based inspectors and security risk analysts conduct inspections with support from physical security inspectors based in NRC’s four regional offices. These regional inspectors provide site-specific knowledge and represent their respective offices while on site with headquarters staff and licensee employees. U.S.
military personnel serve as technical advisors to the NRC teams and assist with some inspection tasks.

The Force-on-Force program budget for Fiscal Year (FY) 2009 is approximately $3.5 million, and composes about 6 percent of NSIR’s FY 2009 budget. Of the 251 Full Time Equivalents (FTE) allocated to NSIR in FY 2009, 14.8 FTE (6 percent) are assigned to the Force-on-Force program. NRC began the second triennial Force-on-Force inspection cycle in January 2008. NRC plans to conduct 25 Force-on-Force inspections during FY 2009.

[1] Pub L. No. 109-58, “The 2005 Energy Policy Act,” §651, August 8, 2005.
[2] NRC also conducts Force-on-Force inspections at other facilities that handle special nuclear materials, such as nuclear fuel cycle facilities. However, this audit focused on inspections at nuclear power plants.
[3] Inspection Procedure (IP) 71130, “Baseline Physical Protection Program.”

PURPOSE

The objective of this audit was to evaluate NRC’s Force-on-Force inspection program to determine if design and implementation of the program are thorough, consistent, and in accordance with NRC standards.
The audit focused on the program’s development from the first triennial inspection cycle through the current second triennial inspection cycle.

RESULTS IN BRIEF

NRC conducts Force-on-Force inspections to evaluate licensees’ ability to protect nuclear power plants against Design Basis Threat type adversaries. NRC meets its 2005 Energy Policy Act requirement to conduct Force-on-Force inspections on a triennial basis, and the program has adequate management controls to ensure that inspections are thorough and comply with NRC standards. In particular, the Office of the Inspector General found:

• NSIR management assessed the Force-on-Force program early in the second inspection cycle, and subsequently undertook organizational and procedural changes to improve internal controls and program performance.

• NSIR and regional staff differ over interpretation of some NRC guidance and approaches to conducting Force-on-Force inspections.

By taking steps to reach agreement between headquarters and regional staff regarding Force-on-Force inspection program guidance, objectives, and best practices, NRC can better ensure its credibility with licensees and foster positive working relationships among staff involved in the Force-on-Force inspection program.

RECOMMENDATIONS

All recommendations for this report appear at the end of Finding B.

AGENCY COMMENTS

At a July 21, 2009, exit conference, NRC senior managers agreed with the report contents and provided editorial suggestions.
This final report incorporates revisions made, where appropriate, as a result of the agency’s suggestions.

ABBREVIATIONS AND ACRONYMS

CAF     Composite Adversary Force
CFR     Code of Federal Regulations
DBT     Design Basis Threat
FTE     Full-Time Equivalent
FY      Fiscal Year
IDS     Intrusion Detection System
NRC     Nuclear Regulatory Commission
NSIR    Office of Nuclear Security and Incident Response

TABLE OF CONTENTS

EXECUTIVE SUMMARY
ABBREVIATIONS AND ACRONYMS
I.   BACKGROUND
II.  PURPOSE
III. FINDINGS
     A. NSIR Management Has Assessed the Force-on-Force Program and Instituted Changes to Enhance its Performance
     B. Headquarters and Regional Staff Differ Over Guidance and Approaches to Force-on-Force Inspections
IV.  AGENCY COMMENTS

APPENDICES
A. TITLE 10, CODE OF FEDERAL REGULATIONS, SECTION 73.1a AND b
B. SCOPE AND METHODOLOGY

I. BACKGROUND

The Nuclear Regulatory Commission (NRC) conducts Force-on-Force inspections at each of the Nation’s nuclear power plants on at least a triennial basis in accordance with the 2005 Energy Policy Act.[4] A Force-on-Force inspection is a performance-based inspection designed to assess the ability of licensees’ security organizations to protect their facilities against sabotage.[5] Any potentially significant deficiencies identified during these inspections are to be promptly corrected by the licensee.

The Office of Nuclear Security and Incident Response (NSIR) manages the Force-on-Force inspection program.
Force-on-Force inspections are part of NRC’s baseline physical protection inspection program, and are the only baseline inspections managed at the headquarters level.[6] Teams of headquarters-based inspectors and security risk analysts conduct inspections with support from physical security inspectors based in NRC’s four regional offices. These regional inspectors provide site-specific knowledge and represent their respective offices while on site with headquarters staff and licensee employees. U.S. military personnel serve as technical advisors to the NRC teams and assist with some inspection tasks.

NRC conducts each Force-on-Force inspection in three phases. The first phase, target set[7] review, is performed by headquarters-based security risk analysts and generally occurs at least several weeks before onsite inspection work begins. Security risk analysts review plant operating procedures and documentation of plant operating systems in coordination with licensee security and engineering personnel. Following their evaluation, security risk analysts create a list of potential target sets to be used in planning the exercise portion of the inspection.

[4] Pub L. No. 109-58, “The 2005 Energy Policy Act,” §651, August 8, 2005.
[5] NRC also conducts Force-on-Force inspections at other facilities that handle special nuclear materials, such as nuclear fuel cycle facilities.
However, this audit focused on inspections at nuclear power plants.
[6] Inspection Procedure (IP) 71130, “Baseline Physical Protection Program.”
[7] A target set is a combination of equipment, which, if damaged or disabled, would likely result in significant reactor core damage. Target sets also include plant operator actions intended to prevent or mitigate damage to this equipment.

During the second phase, pre-exercise planning week, NRC inspection teams composed of headquarters and regional staff conduct onsite planning and inspection work in preparation for Force-on-Force exercises. For example, the inspection teams conduct tabletop drills with licensee personnel to evaluate plant security plans against a series of possible attack scenarios. In addition to tabletop drills, the NRC inspection teams physically test plant intrusion detection systems,[8] and observe a sample of plant security personnel perform tactical demonstrations.

The exercise week is the last portion of the inspection. During this week, a composite adversary force (CAF) playing the role of a mock adversary group simulates attacks against the power plant.[9] The CAF is trained and equipped to approximate the capabilities of a design basis threat (DBT) adversary.
The DBT reflects NRC’s intelligence analysis of the type, composition, and capabilities of potential adversaries.[10] The CAF attempts to simulate destroying enough plant equipment to damage the power reactor’s core or spent fuel pool, thereby triggering a release of radiation into the environment. The licensee’s security personnel seek to interdict the CAF and prevent damage to plant equipment.

NRC gives plant operators 8 to 12 weeks advance notice of Force-on-Force inspections for safety and logistical purposes. Plant staff must coordinate the efforts of two sets of security officers: one for maintaining site security during exercises, and another for participating in the exercises. In addition, plant staff must assemble and train a group of individuals, typically plant employees, to control and monitor exercises.

[8] NRC regulations require detection of penetration or attempted penetration of a power plant’s protected area to ensure that the plant’s security organization can adequately respond. A perimeter intrusion detection system generally consists of one or more sensors, electronic processing equipment, a power supply, signal transmission media, an alarm monitor with display, and a means for maintaining and providing an alarm history. See NRC Regulatory Guide 5.44, pp. 1-2.
[9] The CAF is composed of security officers from various nuclear power plants, and is managed by a private company that provides security services for a number of U.S. nuclear power plants. Although NRC does not oversee CAF teams, NRC inspectors monitor CAF performance with assistance from U.S. military personnel assigned to inspection teams.
NRC requires a separation of functions between the CAF and licensee security forces to ensure an independent, reliable, and credible mock adversary force.
[10] DBT details are classified; however, Title 10 Section 73.1 of the Code of Federal Regulations (CFR) prescribes general DBT adversary characteristics. See Appendix A for 10 CFR 73.1 a (Purpose) and b (Scope).

[Photo: Licensee security personnel preparing for a Force-on-Force exercise. Source: NRC]

The Force-on-Force program budget for Fiscal Year (FY) 2009 is approximately $3.5 million, and composes about 7 percent of NSIR’s FY 2009 budget. Of the 251 Full Time Equivalents (FTE) allocated to NSIR in FY 2009, 14.8 FTE (6 percent) are assigned to the Force-on-Force program. Table 1 shows program budget and FTE data for FY 2005 through FY 2009.

Table 1: Force-on-Force Program Annual Budgets and FTE

          FY 2005      FY 2006      FY 2007      FY 2008      FY 2009
Budget    $1,878,397   $1,911,088   $1,395,392   $2,049,530   $3,500,000[11]
FTE       9.3          14.6         17.2         15.4         14.8

Source: OIG analysis of NSIR data.

NRC began the second triennial Force-on-Force inspection cycle in January 2008.
NRC plans to conduct 25 Force-on-Force inspections during FY 2009. Auditor analysis of historical data found that inspector workload varies from site to site, depending on variables such as the amount of followup needed after each site’s inspection. Graph 1 shows median annual inspection hours per site from FY 2005 through FY 2008.

[11] The program budget increase in FY 2009 reflects costs of upgrading Multiple Integrated Laser Engagement System equipment used to simulate gunfire in Force-on-Force exercises, as well as the purchase of a new truck and trailer to transport this equipment.

Graph 1: Median Annual Force-on-Force Inspection Hours Per Site

[Chart: Median Force-on-Force Inspection Hours per Site, FY 2005 through FY 2008. Vertical axis: Hours. Horizontal axis: Year (FY05, FY06, FY07, FY08). Series: Median Regular Hours, Median Overtime Hours, Median Total Hours.]

Source: OIG analysis of NSIR data.

II. PURPOSE

The objective of this audit was to evaluate NRC’s Force-on-Force inspection program to determine if design and implementation of the program are thorough, consistent, and in accordance with NRC standards. The audit focused on the program’s development from the first triennial inspection cycle through the current second triennial inspection cycle.

III. FINDINGS

NRC conducts Force-on-Force inspections to evaluate licensees’ ability to protect nuclear power plants against DBT-type adversaries. NRC meets its 2005 Energy Policy Act requirement to conduct Force-on-Force inspections on a triennial basis, and the program has adequate management controls to ensure that inspections are thorough and comply with NRC standards.
In particular, the Office of the Inspector General found:

• NSIR management assessed the Force-on-Force program early in the second inspection cycle, and subsequently undertook organizational and procedural changes to improve internal controls and program performance.

• NSIR and regional staff differ over interpretation of some NRC guidance and approaches to conducting Force-on-Force inspections.

By taking steps to reach agreement between headquarters and regional staff regarding Force-on-Force inspection program guidance, objectives, and best practices, NRC can better ensure its credibility with licensees and foster positive working relationships among staff involved in the Force-on-Force inspection program.

A. NSIR Management Has Assessed the Force-on-Force Program and Instituted Changes To Enhance Its Performance

As a best practice, management should periodically assess programs and apply the results to improve program performance. In response to industry concerns regarding the consistency of inspections, NSIR staff assessed the Force-on-Force program in summer 2008. Following this assessment, NSIR management implemented several organizational and procedural changes designed to improve program performance.
Some of these changes were instituted through revision of the Force-on-Force inspection procedure.[12]

[12] The current version of IP 71130.03 took effect in February 2009.

Branch Reorganization

NSIR management created the Security Training and Support Branch to manage inspection scheduling, development of new guidance, staff training, and other support tasks. These tasks were previously performed by the Security Performance Evaluation Branch, which also runs Force-on-Force inspections. The new organization enables the Security Performance Evaluation Branch to focus on inspections, and divides management duties between the respective branch chiefs.

Standardization of Training Requirements

Headquarters-based Force-on-Force inspectors are now required to satisfy full qualification standards prescribed in Inspection Manual Chapter 1245. This aligns the program with qualification standards for regional-based physical security inspectors. Previously, Force-on-Force inspectors were not subject to Inspection Manual Chapter 1245 standards and thus were not required to undergo training and demonstrate proficiency in basic inspection skills.

Increased Recruitment and Training of Force-on-Force Personnel

NSIR management has increased recruiting and training of security risk analysts and Force-on-Force inspectors to add rotational depth and distribute workload more evenly among staff. These efforts respond to workload and inspection schedule pressures, as well as reportedly high staff turnover problems during the first inspection cycle.
Though Force-on-Force team members rated morale as high, several acknowledged that the frequent travel and long work days required for inspections are significant sources of stress.

Revised Target Set Review Procedures and Standards

NSIR management introduced new target set review procedures and adopted new standards for the types of actions plant operators could take to protect critical plant equipment. Previously, NSIR security risk analysts conducted site visits during the pre-exercise planning week, which limited target set review time and increased the chance of unresolved issues impacting subsequent exercises. Security risk analysts now review target set information and visit licensees’ sites before Force-on-Force inspections begin. In addition, the new inspection procedure enhances criteria that licensees must meet to receive credit for actions that plant operators would take during a contingency, such as a terrorist attack, to protect target set equipment. Specifically, licensees must demonstrate that their operators are properly trained and equipped, and are physically capable of performing planned protective actions while their plant is under attack.[13]

Escalation Process

The revised inspection procedure provides licensees a formal escalation process for resolving disputes with NRC about inspection planning and conduct. The process is designed to resolve disputes at the lowest NSIR management level necessary, and progressively elevate matters as higher management involvement is warranted.
This enables Force-on-Force inspection team leaders to focus on inspection tasks while NSIR managers work directly with licensee managers to address their concerns, thereby reducing the impact of disputes on inspection schedules.

Exercise Lessons Learned

The revised inspection procedure establishes a formal process for capturing lessons learned and applying them to program guidance. According to NSIR staff, this previously occurred informally as staff shared observations about inspections verbally among themselves. The new procedure includes a template to be used in documenting lessons learned during inspections. Moreover, this new guidance requires managers to document cases in which lessons learned could serve as the basis for revising program guidance.

Because these organizational and procedural changes have only recently been implemented, it is too early for OIG to evaluate the effectiveness of each change in meeting its intended goals. However, based on feedback received from industry and NRC staff, OIG believes these changes have the potential to enhance the efficiency, transparency, and rigor of the Force-on-Force inspection program.

[13] For instance, licensees cannot claim credit if high radiation or other environmental hazards would prevent operators from carrying out protective actions.
Additionally, plant operators must be capable of accessing target set equipment without risking their own safety by confronting adversaries or passing through areas controlled by adversaries.

B. Headquarters and Regional Staff Differ Over Guidance and Approaches to Force-on-Force Inspections

Improved coordination of headquarters and regional inspection activities would result from a shared understanding of policies and procedures, and open communication among staff. Headquarters and regional staff differ over interpretation of some inspection guidance, and over approaches to conducting Force-on-Force inspections. This has occurred in part because the program has undergone substantial changes in a short period of time, but procedural changes have not been effectively communicated to regional staff in a systematic fashion. Differences among headquarters and regional staff with respect to professional backgrounds and skillsets are an additional factor. These issues have not compromised Force-on-Force inspections; however, disagreements between headquarters and regional staff regarding procedures and policy can undermine NRC’s credibility with licensees and degrade staff morale.

Coordination of Headquarters and Regional Efforts Benefits From Shared Understanding of Policies and Procedures

Improved coordination of headquarters and regional inspection activities would result from a shared understanding of policies and procedures, and open communication among staff.
Internal control principles applicable to NRC recommend that agency managers communicate openly about policies and procedures, both internally with their staff and externally with licensees. In addition, agency managers should be conscious of issues affecting their agency’s internal control environment, including:

• Organizational structure and delegation of authority.
• Human capital policies and practices.
• Employee morale, competence, and discipline.

Headquarters and Regional Staff Differ Over Inspection Guidance and Approaches

Headquarters and regional staff differ over interpretation of some inspection guidance, and over approaches to conducting Force-on-Force inspections. First, auditors found disagreements among some staff regarding NRC’s process for determining ownership of findings resulting from Force-on-Force inspections. Specifically, staff said NRC lacked clear direction regarding the scope of headquarters and regional responsibilities for developing and following up on findings. In addition, some regional staff expressed concern that headquarters was assuming more responsibility for non-Force-on-Force baseline security issues, which have traditionally been the responsibility of NRC’s regional offices.
This issue was eventually resolved during a May 2009 counterpart
meeting involving headquarters and regional staff, and NSIR
management agreed to clarify the inspection guidance.

Second, headquarters and some regional staff differ in their
interpretations about procedural standards for Intrusion Detection
System (IDS) testing. These standards determine how
Force-on-Force teams “challenge test” licensees’ systems during the
pre-exercise planning week. Challenge testing entails broader goals
and fewer constraints than operational tests performed by
licensees; thus, interpretation of NRC’s standards affects staff and
licensee perceptions about whether Force-on-Force teams conduct
challenge testing with an appropriate level of rigor.14

Headquarters and some regional staff expressed differing views
about headquarters teams' approaches to conducting
Force-on-Force inspections. The majority of regional staff interviewed
characterized these inspections as excessively adversarial, and
attributed this to what they perceive as an overly aggressive
mentality among headquarters staff and the CAF. Further, a few
regional staff believed Force-on-Force exercise scenarios
developed by the headquarters-based teams exaggerate real-world
threats to power plants.
In contrast, headquarters-based Force-on-Force staff who expressed
an opinion felt that the exercises
fairly test licensee security programs and appropriately fulfill NRC's
regulatory15 and statutory16 requirements to evaluate licensees
using credible, challenging scenarios reflecting DBT
characteristics.17

14 Force-on-Force teams conduct operational testing during the pre-exercise planning week to ensure
licensees’ IDS equipment functions as designed and complies with standards in NRC Regulatory Guide
5.44. Teams also conduct challenge testing, which probes the IDS for vulnerabilities that an adversary might
exploit. According to IP 71130.03, challenge testing is to simulate DBT-adversary actions and is not
bounded by NRC Regulatory Guide 5.44 Option 1 or 2 standards.

15 NRC guidance requires inspection team leaders to select scenarios that challenge licensees’ protective
strategies, and to ensure that scenarios target site-specific vulnerabilities. See IP 71130.03, p.31.

16 According to the 2005 Energy Policy Act, NRC shall conduct exercises that “to the maximum extent
practicable, simulate security threats in accordance with any design basis threat applicable to a facility.”
See Pub. L. No. 109-58, “The 2005 Energy Policy Act,” §651, August 8, 2005.

17 NRC Regulatory Guide 5.69 provides Force-on-Force teams guidance for planning and conducting
exercises.
IP 71130.03 includes an addendum, or “tactics guide,” to help inspection teams apply
DBT-adversary characteristics to exercise scenarios.

Staff Differences Result From Rapid Program Change, Lack of
Systematic Communication, and Other Factors

Differences between headquarters and regional staff interpretations
of inspection guidance have resulted primarily from rapid program
change and lack of systematic communication. The professional
backgrounds of staff and team dynamics are additional factors.
First, the Force-on-Force inspection program has undergone
significant organizational and procedural changes since August
2008. NSIR staff have briefed licensee personnel and industry
representatives on these changes and their implications, yet policy
and procedural changes have not been effectively communicated to
regional staff in a systematic fashion. Regional managers said they
communicate with NSIR management on an as-needed basis.
Regional security inspectors learn of new policies and procedures
by memos, e-mail, and their respective regional managers.
Some information is communicated by headquarters-based staff to
regional inspectors on site during Force-on-Force inspections.

Counterpart meetings are another means of sharing information;
however, several regional staff suggested that these meetings
would be more beneficial if held on a routine basis.

Second, regional and headquarters staff have different professional
backgrounds, which influences team dynamics and inspection
conduct. Regional physical security inspectors tend to have greater
depth of experience with inspections and NRC’s regulatory
processes. Both headquarters and regional staff consider
on-the-job training important for developing key skills such as
communicating with licensees and documenting findings. In
contrast, most headquarters-based Force-on-Force team members
have less than 2 years of experience conducting Force-on-Force
inspections.18 However, all of the current Force-on-Force
inspectors have previous military and/or law enforcement
experience, which has some applicability to evaluating licensee
security programs and planning offensive missions for exercises.
This mix of personnel with different backgrounds, skills, and lengths
of service—which is inherent in Force-on-Force team
composition—impacts inspection planning and conduct as
Force-on-Force team leaders try to leverage individuals’ skills and apply
lessons learned in conducting their work.19

18 The Force-on-Force program instituted a formal training program for inspectors in the first quarter of FY
2009. As of April 2009, 9 of 12 Force-on-Force inspectors were certified basic inspectors; one inspector
was fully certified.

19 Based on interview feedback, auditors found that the role of regional inspectors in Force-on-Force
inspections depends upon various factors such as inspection team needs, team leader prerogative, and
regional inspectors’ seniority and expectations.

Staff Differences Can Undermine NRC’s Credibility With
Licensees and Degrade Morale

Although the Force-on-Force program has management controls in
place to ensure the consistency and transparency of inspections,
lack of agreement on policy and procedures between regional and
headquarters staff can undermine NRC’s credibility with licensees.
Regional staff told auditors that they need clear understanding of
agency policy so they can explain NRC’s actions to licensees.
Otherwise, they risk contradicting their colleagues or misinforming
licensee personnel, which can undermine the image of inspectors
as competent, impartial regulators. Moreover, auditors found that
unresolved disagreements between headquarters and regional staff
can degrade morale by raising staff concerns about NSIR
management’s receptiveness to their ideas and concerns.

Recommendations

OIG recommends that the Executive Director for Operations:

1.  Develop and implement a plan for routine communications
    between headquarters management and regional staff
    involved in the Force-on-Force program.

2.  Encourage cross-training and rotational opportunities for
    headquarters and regional staff involved in the Force-on-Force
    program.

IV.   AGENCY COMMENTS

At a July 21, 2009, exit conference, NRC senior managers agreed
with the report contents and provided editorial suggestions. This
final report incorporates revisions made, where appropriate, as a
result of the agency’s suggestions.

Appendix A

Title 10, Code of Federal Regulations, Section 73.1a and b

(a)    Purpose. This part prescribes requirements for the
establishment and maintenance of a physical protection system
which will have capabilities for the protection of special nuclear
material at fixed sites and in transit and of plants in which special
nuclear material is used.
The following design basis threats, where
referenced in ensuing sections of this part, shall be used to design
safeguards systems to protect against acts of radiological sabotage
and to prevent the theft or diversion of special nuclear material.
Licensees subject to the provisions of §73.20 (except for fuel cycle
licensees authorized under Part 70 of this chapter to receive,
acquire, possess, transfer, use, or deliver for transportation formula
quantities of strategic special nuclear material), § 73.50, and
§73.60 are exempt from § 73.1(a)(1)(i)(E), §73.1(a)(1)(iii),
73.1(a)(1)(iv), §73.1(a)(2)(iii), and §73.1(a)(2)(iv). Licensees subject
to the provisions of §72.212 are exempt from §73.1(a)(1)(iv).

(1)    Radiological sabotage.

(i)     A determined violent external assault, attack by stealth, or
deceptive actions, including diversionary actions, by an adversary
force capable of operating in each of the following modes: A single
group attacking through one entry point, multiple groups attacking
through multiple entry points, a combination of one or more groups
and one or more individuals attacking through multiple entry points,
or individuals attacking through separate entry points, with the
following attributes, assistance and equipment:

(A) Well-trained (including military training and skills) and
dedicated individuals, willing to kill or be killed, with sufficient
knowledge to identify specific equipment or locations necessary for
a successful attack;

(B) Active (e.g., facilitate entrance and exit, disable alarms and
communications, participate in violent attack) or passive (e.g.,
provide information), or both,
knowledgeable inside assistance;

(C) Suitable weapons, including handheld automatic weapons,
equipped with silencers and having effective long range accuracy;

(D) Hand-carried equipment, including incapacitating agents and
explosives for use as tools of entry or for otherwise destroying
reactor, facility, transporter, or container integrity or features of the
safeguards system; and

(E) Land and water vehicles, which could be used for transporting
personnel and their hand-carried equipment to the proximity of vital
areas; and

(ii)   An internal threat; and

(iii) A land vehicle bomb assault, which may be coordinated with
an external assault; and

(iv) A waterborne vehicle bomb assault, which may be coordinated
with an external assault; and

(v)    A cyber attack.

(2) Theft or diversion of formula quantities of strategic special
nuclear material.

(i) A determined violent external assault, attack by stealth, or
deceptive actions, including diversionary actions, by an adversary
force capable of operating in each of the following modes: a single
group attacking through one entry point, multiple groups attacking
through multiple entry points, a combination of one or more groups
and one or more individuals attacking through multiple entry points,
or individuals attacking through separate entry points, with the
following attributes, assistance and equipment:

(A) Well-trained (including military training and skills) and
dedicated individuals, willing to kill or be killed, with sufficient
knowledge to identify specific equipment or locations necessary for
a successful attack;

(B) Active (e.g., facilitate entrance and exit, disable alarms and
communications, participate in violent attack) or passive (e.g.,
provide information), or both, knowledgeable inside
assistance;

(C) Suitable weapons, including handheld automatic weapons,
equipped with silencers and having effective long range accuracy;

(D) Hand-carried equipment, including incapacitating agents and
explosives for use as tools of entry or for otherwise destroying
reactor, facility, transporter, or container integrity or features of the
safeguards system;

(E) Land and water vehicles, which could be used for transporting
personnel and their hand-carried equipment; and

(ii)   An internal threat; and

(iii) A land vehicle bomb assault, which may be coordinated with
an external assault; and

(iv) A waterborne vehicle bomb assault, which may be coordinated
with an external assault; and

(v)   A cyber attack.

(b)   Scope

(1)   This part prescribes requirements for:

(i) The physical protection of production and utilization facilities
licensed under parts 50 or 52 of this chapter,

(ii) The physical protection of plants in which activities licensed
pursuant to part 70 of this chapter are conducted, and

(iii) The physical protection of special nuclear material by any
person who, pursuant to the regulations in part 61 or 70 of this
chapter, possesses or uses at any site or contiguous sites subject
to the control by the licensee, formula quantities of strategic special
nuclear material or special nuclear material of moderate strategic
significance or special nuclear material of low strategic significance.

(2) This part prescribes requirements for the physical protection of
special nuclear material in transportation by any person who is
licensed pursuant to the regulations in parts 70 and 110 of this
chapter who imports, exports, transports, delivers to a carrier for
transport in a single shipment, or takes delivery of a single
shipment free on board (F.O.B.)
where it is delivered to a carrier,
formula quantities of strategic special nuclear material, special
nuclear material of moderate strategic significance or special
nuclear material of low strategic significance.

(3) This part also applies to shipments by air of special nuclear
material in quantities exceeding: (i) 20 grams or 20 curies,
whichever is less, of plutonium or uranium-233, or (ii) 350 grams of
uranium-235 (contained in uranium enriched to 20 percent or more
in the U-235 isotope).

(4) Special nuclear material subject to this part may also be
protected pursuant to security procedures prescribed by the
Commission or another Government agency for the protection of
classified materials. The provisions and requirements of this part
are in addition to, and not in substitution for, any such security
procedures. Compliance with the requirements of this part does
not relieve any licensee from any requirement or obligation to
protect special nuclear material pursuant to security procedures
prescribed by the Commission or other Government agency for the
protection of classified materials.

(5) This part also applies to the shipment of irradiated reactor fuel
in quantities that in a single shipment both exceed 100 grams in net
weight of irradiated fuel, exclusive of cladding or other structural or
packaging material, and have a total radiation dose in excess of
100 rems per hour at a distance of 3 feet from any accessible
surface without intervening shielding.

(6) This part prescribes requirements for the physical protection of
spent nuclear fuel and high-level radioactive waste stored in either
an independent spent fuel storage installation (ISFSI) or a
monitored retrievable storage (MRS) installation licensed under part
72 of this chapter, or stored at the geologic repository operations
area
licensed under part 60 or part 63 of this chapter.

(7) This part prescribes requirements for the protection of
Safeguards Information (including Safeguards Information with the
designation or marking: Safeguards Information—Modified
Handling) in the hands of any person, whether or not a licensee of
the Commission, who produces, receives, or acquires that
information.

(8) This part prescribes requirements for advance notice of export
and import shipments of special nuclear material, including
irradiated reactor fuel.

(9) As provided in part 76 of this chapter, the regulations of this
part establish procedures and criteria for physical security for the
issuance of a certificate of compliance or the approval of a
compliance plan.

Appendix B

SCOPE AND METHODOLOGY

The objective of this audit was to evaluate NRC’s Force-on-Force
inspection program to determine if design and implementation of
the program are consistent, thorough, reasonable, and in
accordance with NRC standards. The audit focused on the
program’s development from the first triennial inspection cycle
through the current second triennial inspection cycle.

Auditors reviewed Federal Government laws and regulations
applicable to the Force-on-Force inspection program, including:

• The 2005 Energy Policy Act, Section 651.
• 10 Code of Federal Regulations, Sections 73.1 and 73.55.

Auditors also reviewed NRC guidance governing baseline security
inspection procedures, regulatory processes, employee training
standards, and regulatory implementation guidance issued to
licensees.
Guidance included:

• Inspection Procedure 71130.03: Contingency Response.
• Inspection Procedure 71130.04: Equipment Performance,
  Testing, and Maintenance.
• Inspection Procedure 71130.05: Protective Strategy Review.
• Inspection Manual Chapter 0609, Appendix E: Baseline Security
  Significance Determination Process for Power Reactors.
• Inspection Manual Chapter 1245, Qualification Program for the
  Office of the Nuclear Reactor Regulation Program.
• Regulatory Guide 5.44, Perimeter Intrusion Alarm Systems.
• Regulatory Guide 5.69, Guidance for the Application of the
  Radiological Sabotage Design-Basis Threat in the Design,
  Development, and Implementation of a Physical Security
  Program that Meets 10 CFR 73.55 Requirements.

Auditors interviewed NSIR managers, Force-on-Force inspectors,
security risk analysts, and security inspectors and managers from
all four NRC regional offices to identify their respective roles and
responsibilities in the program. Staff with experience in both the
first and second inspection cycles were asked to compare and
contrast the two cycles, and to comment on programmatic changes
undertaken since the first inspection cycle. Auditors reviewed
e-mail correspondence and observed a secure video-teleconference
involving headquarters and regional staff to corroborate interviews
and better understand internal deliberations over policy and
procedure.
Auditors interviewed industry representatives and
licensee personnel to gather external perspectives on program
performance and NRC management’s receptivity to industry
concerns. In addition, auditors observed two Force-on-Force
inspections and one industry outreach conference.

Auditors reviewed staff training records to verify NRC’s new training
and qualification tracking mechanism for Force-on-Force staff.
Auditors analyzed budget and FTE data to measure program
resource trends, and also analyzed time and attendance data to
measure workload associated with Force-on-Force inspections.

OIG conducted this audit between January 2009 and June 2009 in
accordance with generally accepted Government auditing
standards. Those standards require that we plan and perform the
audit to obtain sufficient, appropriate evidence to provide a
reasonable basis for our findings and conclusions based on our
audit objectives. We believe that the evidence obtained provides a
reasonable basis for our finding and conclusions based on our audit
objective.

Major contributors to this report were: Beth Serepca, Team Leader;
Paul Rades, Audit Manager; Jaclyn Storch, Senior Analyst; and
Maxinne Lorette, Senior Auditor.
"